Vulnerabilities > CVE-2021-36205 - Incomplete Cleanup vulnerability in Johnsoncontrols products

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2022-04-15

Updated: 2022-04-25

Summary

Under certain circumstances the session token is not cleared on logout.

Part	Description	Count
Application	Johnsoncontrols Johnsoncontrols Metasys Open Application Server 11.0 Johnsoncontrols Metasys Open Application Server 11.0.1 Johnsoncontrols Metasys Open Application Server 10.0 Johnsoncontrols Metasys Open Application Server 10.1 Johnsoncontrols Metasys Extended Application AND Data Server 11.0 Johnsoncontrols Metasys Extended Application AND Data Server 11.0.1 Johnsoncontrols Metasys Extended Application AND Data Server 10.0 Johnsoncontrols Metasys Extended Application AND Data Server 10.1 Johnsoncontrols Metasys Application AND Data Server 11.0 Johnsoncontrols Metasys Application AND Data Server 11.0.1 Johnsoncontrols Metasys Application AND Data Server 10.0 Johnsoncontrols Metasys Application AND Data Server 10.1	13